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[57] ABSTRACT 

A method is provided for securely transmitting infc^rmation 
from a telephone to a calling party over a tel^hone network. 
In accordance with the method, encrypted audio signals are 
received from the telephone over a conununicatlon path to 
an authentication mechanism that may be located in the 
telq^honc network. Hie communication path is then dis- 
abled by placing the telephone is a hold state. The encrypted 
audio signals are decrypted to yield decrypted audio signals. 
The decrypted audio signals are transmitted to the calling 
party while the communication path is disabled. Finally, a 
communication path is enabled from the telephone to the 
calling party subsequent to transmitting the decrypted audio 
signals. This method provides a high degree of security since 
the communication path between the user and die audienti- 
cation medianism is disabled when the decrypted message 
is transmitted to the called party. Accordingly, a party were 
to intercept the communication path between the user and 
the authentication mechanism (such as a listener using a 
receiver to intercept a wireless telephone transmission), the 
party could not intercept the decrypted message. 

8 Claims, 5 Drawing Sheets 
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UNIVERSAL AUTHENTICATION DEVICE 
FOR USE OVER TELEPHONE LINES 

TECHNICAL FIELD 

This invcDtion relates to autbenticatioo arrangements for 
telecommunications systems users. 

BACKGROUND OF THE INVENTION 

Telephone calling card fraud and fraudulent use of cor- 
porate PBXs currently costs consumers over a billion dollars 
a year. In a typical arrangement, callers to the PBX use an 
800 number to get access to the PBX. Their authenticity is 
verified by asking them to dial a multi-digit digit access 
code, which, if authentic, gives these people access via the 
FBX to a second dial tone. The caller can then place any 
outgoing call not denied to normal users within the FBX. 
Qearly. anyone who can obtain the 800 number and the 
access code can then place calls that arc charged to the PBX. 
More generally* the present calling card arrangements are 
also subject to extensive fraud through the use of stolen 
cards through the interc^tion by audio taps or visual 
observation of a calling card number. Computer "hackers" 
are particularly active in using their computers to access 
corporate PBXs and determine valid access codes by trial 
and error. They then sell these codes along with the PBX 
telephone numbers to **resellers** who resell these to numer- 
ous fraudulent users. This vastly magnifies the scope of the 
fraud. Similar problems arise when a caller transmits private 
information such as a aedit card or social security number. 
Private information can be readily intercepted io tiie same 
manner in which access codes are fraudulently obtained. 

U.S. Pat No. 5.406,619 relates to a universal authentica- 
tion (UA) device that can be used over any phone line to 
authenticate the use of calling cards, private corporate PBXs 
etc. The authentication device provides unique signals that 
authenticate its user. The authentication device is used in 
lieu of a calling card and is equipped with hardware to allow 
a query-response type of authentication scheme to be used or 
to provide the data of a query and the response to that data. 
In any case, the authentication message (response) sent by 
the device will be different for successive authentication 
requests. The UA includes an audio interface (tone genera- 
tion and reception) which allows die device to conummicate 
directly with the telephone using tone signals and frees the 
user from manual keying in of codes. However, since the 
authentication message sent by the UA device is in an 
encrypted format the technique disclosed in this patent 
cannot be used to transmit pdvate infomution to a called 
party, unless, of course, the called party can decrypt the 
message. Thus, a problem exists in that there is no inexpen- 
sive and convenient arrangement for permitting users of 
ordinary telq>hone lines or wireless systems to transmit 
private information with a relatively high degree of security 
and which does not require decryption by the called party. 

SUMMARY OF THE INVENTION 

Hie present invention provides a method for securely 
transmitting information from a telephone to a calling par^ 
over a telephone network. In accordance with the method, 
encrypted audio signals are received from the telephone over 
a conmuinication path to an authenticatioD mechanism that 
may be located in the telephone network. The communica- 
tion path is then disabled by placing the telephone is a hold 
state. The encrypted audio signals are decryf^ed to yield 
decrypted audio signals. The decrypted audio signals are 
transmitted to the calling party while the communication 
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path is disabled. Finally, a communicatioD path is enabled 
from the telq)hone to the calling party subsequent to trans- 
mitting the decrypted audio signals. This method provides a 
high degree of security since the communication path 

5 between the user and the authentication mechanism is dis- 
abled when the decrypted message is transmitted to the 
called party. Accordingly, if a party were to intercept the 
conununication path between the user and the authentication 
mechanism (sudi as a listener using a receiver to intercept 

10 a wireless telephone transmission), the party could not 
intercut the decrypted message. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram of one scenario for authenti- 
15 cation in accordance with the present invention. 

FIG. 2 shows one embodiment of the UA constructed in 
accordance with the present invention that can be easily 
mounted to and removed from a cellular telephone. 
FIG. 3 shows a perspective view of an exemplary portable 
20 cellular tel^hone to which the UA shown in FIG. 2 may be 
mounted 

FIG. 4 shows the UA and telephone positioned inside a 
sleeve. 

FIG. 5 shows the external appearance of one embodiment 
25 of the UA. 

FIG. 6 is an overall block diagram of the operation of the 
universal authenticator. 
FIG. 7 shows the internals of the UA. 

30 DETAILED DESCRIPTION 

A Universal Authenticator (UA) is a card- sized device 
that is equipped with computational hardware to implement 
a function mapping queries into responses, a keypad to enter 
input, an LCD display and an audio interface which can 

^5 receive input and provide output in the form of tones 
transnoittable via a telephone handset over a customer line to 
a switching systeno. The object of implementing a function 
m^ing queries (a first number) into responses (part of a 
second number) is to aeate time varying responses, based 

^ on time varying queries, so that an interception of one 
query-response couple will not be useful at a later time. It 
also has the tnagnetic bar inf(»mation currently on calling 
cards so that it can also be used at the special stations already 
provided for calling cards as well as from any other phone. 

*5 Two different devices provided to two different users picked 
at random, will almost certainly use different functions to 
generate responses. It should be noted that tfie device is 
significantly different fix>m the AT&T SMART CARD Reg- 
istered TM and other smart cards which can only be used 

^ from special stations. (This is discussed in detail later). Time 
varying authentication messages may be produced by three 
different methods. The first method is to use a diaUenge- 
response scheme-that Is. to let the system at the far end 
provide a random number to the authentication device, 

55 which then conq>ute$ an approjmte response and transmits 
it back to the system. The other method is to use the Hme 
of Day as input to a function, and transmit the output of the 
function as well as the Time of Day used, to the system at 
the far end. The diird method is to use a monotonically 

^ increasing or decreasing function, such as a count which is 
incremented with each use. The first method is described in 
detail in the following paragraphs. Ute second and third 
methods are briefly described later. 

^ USE OF UNIVERSAL AUTHENTICATOR 

A procedure for using this device for corporate PBX 
authentication is as follows. Each legitimate user is assigned 
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a Personal Identification Number (PIN) which is also asso- face (not shown), an upper end wall 23 from which a 
dated with the particular UA provided to him or her. Before coU^sible antenna 15 extends, a pair of opposed side walls 

seeking authentication the user enters his/her PIN into the 24 and 25 with a bank of connector holes 16 fonned in one 

UA to activate it The UA will only be activated and ready sudi wall, and a bottom end wall containing a jack recess 

for use if the PIN is correct Next, the user dials a phone 5 shown). 

number (printed on the UA if desirable) to seek authentica- In accordance with the embodiment of the present inven- 
tion (as done currently with corporate PBXs). A voiced tion shown in FIG. 2. a pair of speakers is disposed lateral 
response directs the user to place tfic activated UA close to to the plane of the UA so that when the UA is placed adjacent 
the eaipiece of the calling telephone station and enable it to to the back face of the cellular telephone, the speakers will 
receive incoming tones from the earpiece. The authentica- lo ^ situated along the side walls 24 and 25 of the telephone 
tion system then sends a set of tones representing a random in proximity to the earpiece 13. The UA may be conve- 
numbcT which is received by the audio interface of the UA. niently coupled to the telq>hone with a sleeve fabricated 
niis is the query number. The UA then produces an output elastic material. The UA, witfi its speakers, arc posi- 
number as an ^propriate response to the query number and tioned inside the sleeve and the telephone is then inserted 
flashes a message to the user to place the UA on the i5 through the sleeve, as shown in FIG. 4. The sleeve 27 may 
mouthpiece and hit the key to start transmission. The UA have one or more cut-outs to expose the display 12, push 
sends the set of tones representing the output that it has button area 11. earpiece 13 and mouthpiece 14. The elastic 
produced. The system matches die response against an material fanning the sleeve is sufficiently flexible to fit 
output that it generates Internally, and authenticates the around a wide variety of cellular telephone configurations, 
request if there is a match. The overall scenario of operation 20 The sleeve is configured so that it does not interiere with 
is shown in FIG. 1. either the antenna 15 or the recharging process. The position 
The user has the option, the only option available in some the length of the telephone may be varied 
presenUy avaUable authentication devices, of manuaUy key- property accommodate the features of any particular 
ing io the number to the UA and diaUng the response back tel^hone design. 

to the system manually. In this case a voiced response fi-om 25 The design of the UA diown in FIG. 2 may be modified 

the system provides the user with a random number to enter apprc^riate to accommodate the requirements of cellular 

into the UA. Once this is keyed into the UA by the user, the tdephones. For example, the UA may be provided with a 

UA produces a corresponding ou^t number on its display. sliding, spring-loaded activation switch instead of a push- 

This is entered by the user (using a telephone dual tone button switch to minimize the likelihood of accidental 

multi-ftequency (DTMF) keyboard if provided or using ^ activation.Inoperation,theUAmay advantageously employ 

voice if a speech-recognizing system is supported) to seek * single authentication procedure such as by employing a 

authentication. Alternatively, and preferably, the user may nionotonically increasing or decreasing function. For 

request the UA to transmit the tones representing the output exan^)le. In one simple authentication procedure, which is 

number. discussed below, the UA counts the total number of previous 

3S authentications and the authentication system only accepts 

APPEARANCE AND INTERNALS the authentication if the count transmitted by the UA 

„^ ^ ^ . , , , exceeds Uie last authenticated count The use of this autfien- 

¥IG. 5 shows die external appearance of the UA. TTie ^eation procedure eliminates the need to enter numbers into 

external appeanmce of the device is smular to a smart card UA and hence no keyboard is needed. The internals of 

except that It has an audio interface to allow itto commu- ^ the device are shown in FIG. 7. Entry from the keypad is 

nicate usmg an a^aryjdephone^stabon.-The^keypad ^one citiicr when entering the PIN or if manual inode of 

aUo^^^of the PE^or manual CE^^^ .^^^ t^e input number is diosen. Depending on the 

numto-(tf^ usa^^^ displays^Ae operation, the entry from the keypad is ga^to ei^er a PIN 

number^toed^i^^^ entry registcx or a MUX. The content of the PIN entry 

re^nsc^mmbCTas^a^^^^^ registeriscompared with the content of a stored PIN registi 

mdica^ftatTcon^^ ui the;notch7^ in case of a matdi, die computcAable lookup unit of the 

<m the^^e ^Jo^ microprocessor (for generating the response) is enabled for 

and^is^nvemenj^jn^^ subsequent operation. When the user enables the tone detec- 

against^the-carpiece or mouthpiece. tion (by using the key in the notch) the received tones (from 

A magnetic bar code on the device allows it to be used 50 the receiver) are converted into bits which are sent to the 

ftoax a calling card reader station as well. In this case, only MUX. The MUX allows the choice of automatic mode 

the encoded identification is transmitted, so that authentica- (tiirougli the audio int^ace) or manual mode (through the 

tion is much less secure. keypad) of input entry. The entry selected by the MUX is 

FIG. 2 shows one embodiment the UA that can be entered into the ii^mt shift register and subsequently pro- 

easily mounted to and removed from a ceUular tclcf^one so 55 vided to flie compute/table lookup unit On coni^)letion of 

that the caller does not need to physically handle the device respcmse con^tation, the response is provided to bodi the 

during initiation of a call, Hiis fcattire may be advanta- ou^ut display register and the output shift register. The 

geously employed in cellular telephones located in ou^t display register allows the response ouq)ut to be 

autonoobiles, for exanq>le, where the caller may have par- displayed in the LCD The content of the output shift register 

ticular difficulty in placing the UA against the earpiece and 60 is provided to the tone generator when the user enables it (by 

where for security reasons it is desirable to remove the UA clicking the key in the edge notch a second time) and (he 

from the cellular telq)hone when not in use. FIG. 3 shows tone generator converts the output to tones which are 

a perspective view of an excn:q>laiy pcHtable cdlular tele- transmitted by the transmitter. 

phone to which the UA shown in FIG. 2 may be mounted. FIG. 1 is a block diagram oi the scenario for authentica- 

TTic telephone has a front operational face with a push button 65 tion. The user enters a PIN into a universal authenticator 

area 11 and display screen 12 disposed between an earpiece (action block 101). This joimes the universal authenticator 

13 and mouthpiece 14. The telephone has a smooth back for later use. The user then calls a telephone number for the 
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authentication service and holds the UA against the earpiece from the tone detector of the UA and is transmitted (arrow 

of the telephone instrument to receive an input number, 513) to storage 515 for staing the digits representing the 

generally a random number generated by the authentication input number. (In an alternative arrangement, the input 

system. The call is set up (arrow 105) to the authentication number can be keyed in by the user using keypad 307.) 

system and the authentication system which is generally 5 These 8 digits are then passed (arrow 517) to the compute 

cither a switching system (switch) or a PBX provides a hardware 519 which generates 8 digits of ou^ut These 8 

random number to the UA by means of tone signals. These digits of output are combined with an 8-digit identification 

tone signals are transmitted to the UA (am)w 109) and are of the UA (in block 523) to form a l6-digit output consisting 

received via the earpiece of the handset of the telephone of ttie 8-digit ou^ut of the compute hardware and the 8-digit 

instrument. The UA then calculates the response and trans- 10 output of the sequence identification. Th we are stored in the 

mits a response via the mouthpiece of the subscriber hand- digits of block 525 and are transmitted (™ 527) from 

set This r^ponse is transmitted to the authentication system g^-^^^^^^ ^» ^^f *f 

/ ii-s^ u. u « , TTA ™™„o^ phone connection to the authentication system 501. They are 

anow 113) which matches the UA response against an deceived and stored in a l^digit response register 531 which 

mtcmaUy gcnemed numb«- and ^ants the request if the ^ ^^^^ .^^^ ^^^^ 

response is vahd (action blwk 115). The autiientic^on ^5 533 ^^^^^^ ^^^^ ^^5) these digits to the compute 

system then ti:ansmits backto the user a grant or demal of tfie hardware. The conqnite hardware then uses the input num- 

authentication (arrow 117) after which the user can make a j^e UA sequence identifier to compute the 8 digits 

telejAione call or otherwise take advantage of the positive ^^tpy^ computed by compute hardware 519 of the UA. 

authentication, Widi the universal authenticator described jte computed output is transmitted (arrow 549) to an output 

herein, it is also possible to use keyboard entry into die UA 20 register 545 where diey are con^ared (arrow 543) witii the 

instead of listening to tones and to inform the user of the g ou^ut digits received and stored in block 531. If there is 

random number through a voiced response from the authen- a match then authentication is granted and if there is a 

tication system. Similarly, it is also possible for the user to niismatch authentication is denied. The grant/deny authen- 

transmit a response to the authentication system by keying tication signal 547 is transmitted back to ttit user and is used 

in the reqwnse using a dual tone raultifrequency (DTW) 25 ^o allow the switching system or PBX to accept or reject 

keypad of the user's telephone instrument FWher, in an further calls from that user, 

alternative configuration, the UA itself supplies the input SAFEGUARDS 

number. Witii this ^^figuration, bloc^ 107 and a^ow 109 ^ well-known that the query-response method of 

are not used and fte UA mstead of receiving Ae mput authentication is superior to a single pass W or code, (See, 

number generates the input number mternaUy witiun block 30 ^ , Compute Seairity In The 

103. The response m this case must mdudc the input number Information, pages 223-234. Elsevier Science 

to permit the authentication system to authenticate the PubUshers, B. V„ IFIP, 1989.) In the query-response mode 

*Vesponse" number from the same input number that was response (the ou^ut number) tiiat is provided by tiie user 

used by the UA. is good wily for the specific query (input number) presented 

FIG. 5 is a physical diagram of the universal authenticator 35 by the system. An eavesdropper can gain nothing by illegal 

301, It includes an audio interface 303 comprising a micro- monitoring of the response because the query presented by 

{^one for receiving signals from a telephone connection and the system will almost certainly be something different the 

a speaker for transmitting signals to a telephone connection. next time and will require a conq>letely different response. 

The computing hardware 305 inside the UA is shown by a TVpically, a complex function (or a large table, or a com- 

dashed line since it cannot be seen from tiie outside of the 40 bination <rf function and table) to map queries to responses 

UA, The UA also has a keyboard 307 which has the 12 provides good protection gainst attempts to breach the 

DTMF keys and a reset bar 309 for resetting tiie UA. Also security of the system. 

shown are an LCD display 311 of numbers received or The second safeguard is tiie use of the PIN (possibly 4 

genaated by tiie UA and a key 313 in a notch on tfic edge ^^^^ This ensures that unless tiie PIN is known tfie UA is 

of tiie UA. A magnetic code bar 315 is also attached to tiie 45 "^^^^ f f ^f' P^^!?,^*^ ^ f 

outsideoftiieUAsotiiattheUAcanbereadbyconventional sedudedpkce(aw^frompub^^ 

... A i. i„t«^«i, ^ Finally, once tiie PIN is entered, tiie UA can only be used for 

S^r^ A ;™«H^^^ « of (««y 5) and for a lirited amount 

?!n^ A10 ^ ^ of time. Tlie FIN must be reentered after tiiat to continue 

5,4UO.oiy. . using tiie UA. This ensures that even if a UA loaded witfittie 

FIG. 6 is an overall block diagram of tiie operation of tfie 50 ^ gj^jigu^ ^an be used only a limited number of 

universal autiienticatOT, The circled numbers represent sue- times. Also, if a user loads a PIN and forgets to use Oie UA 

cessive steps and have been placed on the diagram to he^> subsequentiy. an automatic internal timer will erase the PIN 

die reader follow ttie progress of the process. The two main after some time, making tiic UA useless for a thief. Of 

blocks in dashed lines are the universal authenticator 301 course, the user Is expected to rq>ort loss of the UA 

and the authentication system 501 wtudi is likely to be a 5S inunediately as with other credit cards, calling cards etc. 

switching system or a PBX. The process starts when the user Finally, as with most autiientication schemes, tiie auflien- 

requests an autiientication (action block 503) Qt is assumed tication system will break ttie connection after a limited 

that the UA is already in tiie ready state because tiie user has number of retries in case of errors. Thus if tiie system at tiie 

previously entered a crarect PIN.) The request for autiien- f^r end receives an incorrect response it will send a different 

tication is performed by dialing a number for a connection 60 [^put to allow tiie user to retry. After a limited number of 

to autiientication system 501, The oomplrtion of the action retries the connection is broken. Reestablishing the connec- 
is rqjresented by arrow 505. The autiientication system tio^ ^ of course be delayed by the normal delay in tiic 

generates an 8-digit input number (block 507) which number phone network, 

is tiien Oransmitted by tones to tiie UA (arrow 509). TTie UA TjwrTvrr TTrtxr 

receives tiiese tones by being held against tiie earpiece of tfie 65 IMPLEMENTAnON 

handset from which the user requested the autiientication The implementation consists of two parts; the inq}iemcn- 
(action block 511). The input number is tiien transmitted tation of tiie query-response in software/hardware on ttie 
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switch/PBX. and the implementatioD of the program on the 
UA to detexmine the ou^ut Dumber given an input number. 
The part to be inqjlcmented on the switch, PBX or other 
telecommunications network element, consists of selection 
of the input random number, a DTMF output and/or voiced 
response system to relay the number to the user. recq>tion of 
the response or digits keyed in by user, and matching of 
these against the system's own internally generated 
response. The generation of response can be packaged in a 
chq> to avoid any jyobing. Within the UA there has to be a 
similar mechanism for generation of response. This mecha- 
nism can be an implementation of a cona^tational algorithm 
or a table lookup process or a combination of both. The 
mechanism within the switch/PBX for generation of the 
matdiing response must also take into account the identity 
of the particular UA involved. Two different UAs will almost 
certainly use different functions fa- the query-response 
match. The UA reveals its identity by embedding digits 
specifying its id number within its output response. The 
switch/PBX will, with the help of this id, determine the 
appropriate function to use for checking the response given 
by theUA. 

As indicated earlier the functions m^ing queries to 
responses should be different for different UAs. This may be 
achieved easily within the UA by having a table mapping 
certain iapxxXs to certain outputs. But. this has two serious 
drawbacks-first the set of inputs is limited thus somewhat 
compromising security, and secondly at the system end a 
very large amount of memory will be taken up storing the 
tables ctf the many UAs. A solution (from standard enci- 
pherment algodthins) is to use a common algorithm for the 
mapping, but modify the algorithm somewhat f<n- each user 
by using a different key iiq>ut for each user. Within the 
system the sequence id of the UA may be used as an entry 
into a table to find the key for that UA which can then be 
provided to the algorithm so that it is suitably modified for 
the particular UA and can calculate the proper response for 
the given input Wl^ the UA die details can be somewhat 
simpler. Only a specific version of the alg(Mithm has to be 
implcnaented. This may be wholly or partially table-driven. 
FIG. 6 shows some details of the ovcraU scheme involving 
the UA and of the query-response system on the switch or 
PBX (assuming the sizes of the initial query number and the 
UA sequence id to be both 8 digits long). (8 digits each for 
the query number and the sequence id will ^^vide sufficient 
protection, and at the same time the total response size to be 
keyed in by user would be 16 digits. This is comparable to 
calling card codes currently being used (14 digits). 

The UA is a sealed unit whidi will minimize damage due 
to moisture^ etc. The batteries are scaled in. A low power 
indicator informs the user that the battery is about to die; the 
user then has the option of calling in for a rqiiacemeat UA. 
Typically, the UA will be replaced cvciy couple of years just 
like credit cards, calling cards etc. The battery power is 
adequate to last the anticipated life-time of the UA. A 
customer provided FIN will be "bumf into a ROM in the 
UA before it is provided to the customer. The UA identity 
and key or other information necessary to contrd the 
generation of the response message are also ^'bumt'* into &e 
ROM of the UA. In one preferred implementation, the 
program is also "burnt** into the ROM. although, 
alternatively, it could be loaded into RAM after the batt^ 
is installed. 

Different codes for different services can be used to set the 
UA to a specific mode of operation for authenticating the use 
of the desired service. The telephone number to request the 
au Aentication for using the ^>edfic service has to be called 
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and the query-response process executed as earlier 
described. The implementation of the UA as well as the 
overall scheme is feasible with currently available technol- 
ogy. 

The authentication service can be provided by telephone 
switches (such as AT&T's 5ESS Registered TM switch) as 
a feature. Corporate PBXs can be served by such a switch 
which will act as a gatekeeper. Once a caller's request to 
access a PBX is authenticated the caller will be granted 
access to die PBX by the gatekeeper switch and the PBX 
will service the caller's requests, so the PBX is not tied up 
performiDg repeated authentication for users requesting 
access. Also, once die system end of die authentication 
mechanism is available on the telephone network it will 
become easier to make the UA available for a variety of 
purposes. The tcle^ione netwOTk owner (local telephone 
company or long distance provider) can then jH-ovide 
audientication as an end to end service-providing both UAs 
and the authentication service on the network. The UA is not 
a competitor of the smart card in this respect. While smart 
cards are usually more computationally powerful and vcr- 
satQe than the proposed UA. they are also more expensive 
and are restricted by thdr need for special stations to operate 
from. 

The UA also may be used to transmit private information 
such as a credit card number. In operation, the user transmits 
the private information to the network switch/PBX serving 
as the gatekeeper. The private inforraalion is encrypted by 
the UA using any of the previously mentioned encryption 
techniques used to encrypt authentication messages. The 
network gatekeeper subsequently decrypts the private infor- 
mation and temporarily disables the communication path 
between the user aixl netwcHk by pladng the user in a *1iold" 
state in a well known manner. The decrypted information is 
then forwarded to the called party by the gatekeeper. Since 
the communication path between the user and the gatekeeper 
is disabled, a party that intercepts this communication path 
(such as a listener using a receiver to intercept a wireless 
telephone transmissic»i) cannot intercept tht decrypted mes- 
sage transmitted from the gatekeeper to the called party. 
That is, the transmission of information from die user to die 
called party is performed in two distinct steps that arc 
isolated from one another so that bodi the encrypted and 
decrypted information cannot be intercq^ted by a single 
party receiving one step of the transmission. Once die 
decrypted infonnation has been transmitted by die network, 
the oomnmnication path between the network and die user is 
re-established so that communication between the user and 
the called patty can continue in the usual manner. 

AUERNATIVE IMPLEMENTATIONS 
It is possible to have a somewhat more rugged and less 
expensive in^lementation by not using the standard tones 
used by DTMF, and instead encoding the audio signals using 
frequency shift keying with just two frequencies in the audio 
range (a "high" frequency and a "low" frequency). This is 
the scfaone described, for example, in U.S. Pat No. 4.823, 
956, used for incoming caller line identification. In that case 
the DTMF Tone detector/generator (SSI20C90) will not be 
needed. Also, instead of a carbon microphone it is possible 
to use other techniques to pick up the incoming audio. A 
detector based on an inductor coil (similar to those used in 
hearing aids) can pick up the electrical signal directly from 
the i^one line (near the caipiecc) bypassing the need for a 
micrc^one. This will work well in noisy environments. 
Similarly, instead of an ordinary metal diaphragm speaker, a 
piezo-electric sound generator can be used to generate the 
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outgoing audio. Such piezo-electric devices are physically 
more rugged than metal diaphragms and are also more 
compact They are also less expensive. Them is no need for 
high fidelity in the audio output because it is only necessary 
for the far end to determine whether the frequency is "hi^** 5 
or "low". So piezo-electric sound generators which are 
typically limited to a few frequencies may be quite accept- 
able. The authenticator device requires the user to execute 
two actions with the device in order to receive authentica- 
tion. The user has to iirst click the receive/transmit key and 
hold the device against the earpiece to receive the incoming 
audio signal, and then click the key again and hold the 
device against the mouthpiece to transmit the outgoing audio 
signal. A modification to the scheme can reduce the number 
of user actions needed and make ttie device easier to use. 

By adding a pseudo random signal generator (such as a 
Pseudo Noise sequence generator) and an internal clocks the 
device can be itself made to produce the input number. Then 
there is no need to receive incoming audio signals from the 
phone line. The user then, has to only hold the device against 
the moutt^)iece and click the transmit key. The Time of Day 20 
available from the internal clock will be provided as the seed 
to the pseudo random signal generator, and the output of this 
generator will be the input number to the authenticator 
device. The device will transmit both its internal Time of 
Day (year, month, day. hour and minute) along with the 25 
ou^ut number from the conqHJtation/table look-up function. 

The system at the far end receives the Time of Day from 
the device and first verifies that it is close (within a 
threshold) to its own internal Time of Day. If the device's 
Time of Day is not within the threshold, the far end system ^ 
(PBX or switch) will ask that the device's clock be syn- 
dironized with the far end system* s clock before authenti- 
cation is requested. The check for the consistency of Time of 
Day is to be done to prevent an eavesdropper from recording 
a pair-Time of Day and output numbcr-and reusing the pair 
to gain fraudulent authentication. 

If the device's Time of Day is within the acceptable 
threshold the far end system uses the transmitted Hme of 
Day to generate the input number for authentication, and 
subsequently the output number, and matches it against the 
ou^ut number received. In case of a match, authentication ^ 
will be granted. 

Another alternative, somewhat less safe, is to store a 
count in the UA. and advance the count with each use. The 
authentication system also keeps track of the count Hie UA 
transmits both the count and &e transfonnation of the count 
to the authentication system. The authentication system will 
then verify the transformation but will only accept the 
authentication if the transmitted count exceeds the last 
authenticated count. Advantageously, this arrangement pre- 
vents someone who has intercepted a legitimate authentica- ^ 
tion from simply reusing it but avoids the necessity for 
receiving a random number from the authentication system. 
The term ^Yandom" or **pscudo-random** as used herein 
means that the number is unpredictable* and not that it meets 
the tests of random numbers such as those found in a random 
number table. Unpredictability is the key attribute. 

We claim: 

1. Authentication means comprising: 

means for automatically transmitting^^^agoals^yer^a 
voice tel^hone line, said line connected viaT tele- ^ 
pbone:n^work to an authentication systemTsaid means 
fortransnwflihg:an:anged:for transniitting>y^ 
user of-said^uthcntication means hold said joeans for 
transinitting.agidniCa.microphone of-a t 
tion while leaving a speaker of saidtdephonestatipn 65 
availableJcr-said user-of-said authen&cation.means to 
listen^ ~" ~ 



10 

means for generating a number, independent of any keyed 
personal identification number, coupled to said means 
for transmitting, wherein said number is derived from 
a time-varying quantity and a key unique for said 
authentication means, and said quantity globally and 
independently maintained internally in said authentica- 
tion means and in said authentication system; said 
number for transmission by said means for transmitting 
to said authentication system for authenticating an 
Identity of said user of said authentication means; and 
said number comprising data for identifying said 
authentication means and comj^ing no data based on 
any keyed personal identification data; 

means for storing a personal identification number; 

a keypad for entry of a personal identification number; 

means for enabling said authentication means-in response, 
to a matclTbf tfae stored'and entered^^onal identifi^ 
>cation^nuinbers7wli^ei[rmd~auth^tic^on.rncan|^^ 
tplanar-and^essentially the^ize:of:r^^t card and said 
Oraueans^fpr transiidtting^ paiFof ^opposing 

sp&l#s situatedjJnja^lane lateral^tcTa plane-of-tfie 
authentication-means ; 

a sleeve formed from an elastic material in which said 
auttientication means and said pair of speakers are 
insertable, said sleeve being configured to support said 
audientication means against a back face of a telephone 
when said sleeve is enclosed around said authentication 
means, said sleeve being further configured to allow 
operation of said telephone when enclosed around said 
authentication means. 

2. The authentication means of claim 1 further comiHislng 
a control key. for operation by said user in response to 
prompting signals received on said speaker of said telephone 
station, for changing a state of said authentication means. 

3. The authentication means of claim 2 wherein said 
control key is used for initiating transmission of said num- 
ber. 

4. The authentication means of claim 1 further comprising 
a key for disabling said authentication means. 

5. The authentication means of claim 1 further comprising 
timing 

means for disabling said authentication device after a 
lapse of a predetermined interval foUowing enablement 
or use of said authentication means. 

6. The authentication means of claim 1 furtiier conqnising 
clock means for maintaining date and time; 

wherein said independently maintained quantity is date 
and time. 

7. The authentication means of claim 1 fiirther conqiiis* 
ing: 

means for displaying said number, 

wherein, in noisy surroundings, said user is enabled to key 

said number into said telq)hone station, using a keypad 

of said station* 

8. The authentication means of claim 1 further compris- 
ing: 

means for storing additional personal identification num- 
bers; and 

means fct storing additional data corresponding to said 
additional personal identification numbers; 

wherein said means for enabling is also responsive to a 
match of one of said additional personal identification 
numbers for enabling said authentication means; and 

wherein said means for generating is further responsive to 
said additional data if said user keys one of said 
additional personal identification numbers. 

« * * * * 
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